There are many blogs about taking OSCP so do this blog. Before register the course, I ask myself a lot about my experience and dedication. However nothing is impossible if you have the discipline and dedication. I passed the exam on second attempt.
I register the course for 90 days lab access because of my working hours. Seriously 90 days? Are you kidding me? 90 days lab access?? Are you mad?! That is so much!! However not for me. The total time I spent in the lab could be only 1 month.
The following study materials are just for reference only.
Materials on enumeration and information gathering:
Materials on overall penetration testing and some tools:
- Penetration Testing: A Hands-On Introduction to Hacking
- Gray Hat Hacking The Ethical Hacker's Handbook, Fourth Edition
- Hacking: The Art of Exploitation, 2nd Edition
- The Hacker Playbook 2: Practical Guide To Penetration Testing
- Basic Security Testing with Kali Linux 2
- Professional Penetration Testing, Second Edition: Creating and Learning in a Hacking Lab
- Advanced Penetration Testing for Highly-Secured Environments
- vulnerabilityassessment - Penetration Test
- Metasploit: The Penetration Tester's Guide
- Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
- Nmap 6 Cookbook: The Fat Free Guide to Network Security Scanning
- Unofficial Guide to Mimikatz & Command Reference
Materials on reverse engineering and buffer overflow:
- SecurityTube - Windows Assembly Language Megaprimer
- SecurityTube - Exploit Research Megaprimer
- FuzzySecurity - Windows Exploit Development Tutorial Series
- Exploit Development Community
- Corelan - Exploit Writing Series
- pusheax - Exploit writing – Stack based Buffer overflow
- Github - Awesome Windows Exploitation
- Offset-DB - Looking for fixed memory offset
Materials on web application attack:
- HighOn.Coffee - Local File Inclusion Cheat Sheet
- Solus - LFI + RCE + ROOT server
- netsparker - SQL Injection Cheat Sheet
- websec.ca - SQL Injection Cheat Sheet
- Resources Infosec Institute - SQL Injection Cheat Sheet
- michaeldaw - SQL Injection Cheat Sheet
- ExploitDB - SQL Injection Cheat Sheet
- pentestmonkey - SQL Injection Cheat Sheet
- BruteLogic - XSS Cheat Sheet
- n0p.net - XSS Cheat Sheet
- OWASP - XSS Cheat Sheet
Materials on post exploitation information gathering and privilege escalation:
- Linux Post Exploitation Command List
- Windows Post Exploitation Command List
- toshellandback - Windows Privilege Escalation
- FuzzySecurity - Windows Privilege Escalation
- foxglovesecurity - Hot Potato - Windows Privilege Escalation
- Resources Infosec Institute - Windows Privilege Escalation
- pentest.blog - Windows Privilege Escalation
- travisaltman - Windows Privilege Escalation
- g0tmi1k - Basic Linux Privilege Escalation
- netsec - Linux Privilege Escalation Scripts
- Resources Infosec Institute - Linux Privilege Escalation Example
Materials on reverse shell:
Materials that I used during lab and exam: